Force MFA policy based on being in an Administrator Role
Can I apply an MFA policy based on someone being in an Administrator Role?
It would provide greater security for anyone granted Administrator access to be automatically assigned to a pre-defined MFA policy. All I've been able to find so far is that it appears to be a two-step process during user setup: when a user is added to an Administrator role, they also need to be placed in a group that has an MFA policy.
Is there some way this can be automated with a setup option within the MFA policy so it is also role based and not just group based? Or am I missing somewhere that a group can be automatically built off people in an Administrator role?
Currently this is only possible the way you have described it, to add administrative roles, and then apply those people to a group to require MFA.
It does, however, sound like a good idea for a Request for Enhancement. In the community, if you select "Ideas (https://support.okta.com/help/ideas/ideaList.apexp)" from the top right-hand corner, you can submit a suggestion, and then community members can vote up those ideas that are popular. I'd certainly vote that one up as it makes sense for a good security enhancement.
I see another idea to prompt for MFA ahead of the elevation to Admin rights (upon clicking the admin button) that has been out for a year. I'll consider putting this one out there as well, but having the prompt upon moving to the Admin functions would work just as well too.
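
Because the two-step process described in this thread is manual, an administrator can end up with a role but no MFA-enforced group membership. The following drift check is an added example, not part of the original thread and not Okta's own code. The sample records, the `reconcile` helper and the group id are constructed placeholders, and the planned request uses the Groups API path for adding a user to a group.

```python
"""Drift check: every user holding an admin role must be in the MFA-enforced group."""

# Constructed sample data. In practice this would come from an export of
# users with their admin role assignments and of the MFA group's membership.
ADMIN_ASSIGNMENTS = [
    {"id": "00u1", "login": "alice@example.com", "status": "ACTIVE", "roles": ["SUPER_ADMIN"]},
    {"id": "00u2", "login": "bob@example.com", "status": "ACTIVE", "roles": ["HELP_DESK_ADMIN"]},
    {"id": "00u3", "login": "carol@example.com", "status": "DEPROVISIONED", "roles": ["ORG_ADMIN"]},
    {"id": "00u4", "login": "dave@example.com", "status": "ACTIVE", "roles": []},
]
MFA_GROUP_ID = "00gPLACEHOLDER"        # placeholder id of the group bound to the MFA policy
MFA_GROUP_MEMBERS = {"00u1", "00u5"}   # constructed: 00u5 holds no admin role


def reconcile(assignments, group_members, group_id):
    """Compare admin role holders with the MFA group's members.

    Returns (to_add, to_review, requests):
      to_add    - admins who are not yet covered by the MFA group
      to_review - group members who hold no admin role (stale or intentional)
      requests  - planned (method, path) calls that would close the gap
    """
    # Only accounts that can still sign in and actually hold a role count as admins.
    admins = {u["id"] for u in assignments
              if u["roles"] and u["status"] != "DEPROVISIONED"}
    to_add = sorted(admins - set(group_members))
    to_review = sorted(set(group_members) - admins)
    requests = [("PUT", f"/api/v1/groups/{group_id}/users/{uid}") for uid in to_add]
    return to_add, to_review, requests


if __name__ == "__main__":
    missing, review, plan = reconcile(ADMIN_ASSIGNMENTS, MFA_GROUP_MEMBERS, MFA_GROUP_ID)
    print("Admins without the MFA group:", missing)
    print("Group members without an admin role:", review)
    for method, path in plan:
        print("Planned:", method, path)
```

Run on a schedule, a check like this turns the missing role-based option into an alert whenever the second step was skipped.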